Debian DSA-2581-1 : mysql-5.1 - several vulnerabilities
High Nessus Plugin ID 63151
The remote Debian host is missing a security-related update.
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects. These changes are described in the MySQL release notes.

Additionally, CVE-2012-5611 has been fixed in this upload. The vulnerability (discovered independently by Tomas Hoger from the Red Hat Security Response Team and 'king cope') is a stack-based buffer overflow in acl_get() when checking user access to a database. Using a carefully crafted database name, an already authenticated MySQL user could make the server crash or even execute arbitrary code as the mysql system user.
Upgrade the mysql-5.1 packages. For the stable distribution (squeeze), this problem has been fixed in version 5.1.66-0+squeeze1.